<?php
/*
Copyright (c) 2008, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/


/******************************************
* Begin Form configuration
******************************************/
34
// Form definition (field list, validators, permissions) loaded by the tform framework
$tform_def_file = 'form/database_user.tform.php';
36
/******************************************
* End Form configuration
******************************************/
40
b1a6a5 41 require_once '../../lib/config.inc.php';
MC 42 require_once '../../lib/app.inc.php';
381520 43
// Only sessions allowed into the 'sites' module may use this page
$app->auth->check_module_permissions('sites');

// Template engine, form framework and the base class that page_action extends below
$app->uses('tpl,tform,tform_actions');
$app->load('tform_actions');
50
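class page_action extends tform_actions {

    /**
     * Before the "new database user" form is shown: enforce the client and
     * reseller quota for database users. Admins are not subject to a limit.
     */
    public function onShowNew() {
        global $app;

        // only plain users are limited, admins are not
        if($_SESSION['s']['user']['typ'] === 'user') {
            if(!$app->tform->checkClientLimit('limit_database_user')) {
                $app->error($app->tform->wordbook['limit_database_user_txt']);
            }
            if(!$app->tform->checkResellerLimit('limit_database_user')) {
                $app->error('Reseller: ' . $app->tform->wordbook['limit_database_user_txt']);
            }
        }

        parent::onShowNew();
    }

    /**
     * Render the <option> elements of the client select field.
     *
     * Every record becomes one option whose value is its groupid and whose
     * label is its contactname. An option is preselected when its groupid
     * equals the group the record currently belongs to (client_group_id or
     * sys_groupid in $this->dataRecord); missing keys simply never match,
     * which replaces the @-suppressed notices of the former inline loops.
     *
     * contactname is assembled from client-supplied fields (company name,
     * contact name, user name, customer number) and the template engine
     * emits it verbatim, so it is HTML-escaped here.
     *
     * @param array|null $records rows with 'groupid' and 'contactname'
     * @return string one <option> per row, CRLF separated; '' for no rows
     */
    private function _clientSelectOptions($records) {
        if(!is_array($records)) return '';

        $current_groups = array();
        if(is_array($this->dataRecord)) {
            foreach(array('client_group_id', 'sys_groupid') as $key) {
                if(isset($this->dataRecord[$key])) $current_groups[] = intval($this->dataRecord[$key]);
            }
        }

        $html = '';
        foreach($records as $rec) {
            $groupid = intval($rec['groupid']);
            $selected = in_array($groupid, $current_groups, true) ? 'SELECTED' : '';
            $label = htmlspecialchars($rec['contactname'], ENT_QUOTES | ENT_SUBSTITUTE);
            $html .= "<option value='" . $groupid . "' " . $selected . ">" . $label . "</option>\r\n";
        }
        return $html;
    }

    /**
     * After the form data is loaded, before rendering: fill the client
     * select (admins see every client, resellers their own group plus
     * their sub-clients) and split the stored database user name into the
     * editable part and its prefix.
     */
    public function onShowEnd() {
        global $app;

        // Resolve the database user prefix for this record
        $app->uses('getconf,tools_sites');
        $global_config = $app->getconf->get_global_config('sites');
        $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

        $user_type = $_SESSION['s']['user']['typ'];
        if($user_type !== 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            // Reseller: the client record behind the session's default group
            $client_group_id = $app->functions->intval($_SESSION['s']['user']['default_group']);
            $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);

            // Own group first, then the groups of all sub-clients
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
            $records = $app->db->queryAllRecords($sql, $client['client_id']);
            $own_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);

            $client_select = '<option value="' . intval($own_group['groupid']) . '">' . htmlspecialchars($client['contact_name'], ENT_QUOTES | ENT_SUBSTITUTE) . '</option>';
            $client_select .= $this->_clientSelectOptions($records);
            $app->tpl->setVar('client_group_id', $client_select);
        } elseif($user_type === 'admin') {
            // Admin: every client group, with an empty "no client" option first
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
            $clients = $app->db->queryAllRecords($sql);

            $client_select = "<option value='0'></option>" . $this->_clientSelectOptions($clients);
            $app->tpl->setVar('client_group_id', $client_select);
        }

        // The stored name carries the prefix; strip it so the user edits only
        // the free part, and show the prefix in its own field.
        $has_user = isset($this->dataRecord['database_user']) && $this->dataRecord['database_user'] != '';
        if($has_user) {
            $app->tpl->setVar('database_user', $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix));
            $app->tpl->setVar('database_user_prefix', $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']));
        } else {
            // New record: no stored prefix yet, use the configured one
            $app->tpl->setVar('database_user_prefix', $dbuser_prefix);
        }

        parent::onShowEnd();
    }

    /**
     * On form submission: only admins and resellers may choose the owning
     * client group; for everybody else the posted value is discarded.
     */
    public function onSubmit() {
        global $app;

        if($_SESSION['s']['user']['typ'] !== 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            unset($this->dataRecord['client_group_id']);
        }

        parent::onSubmit();
    }

    /**
     * Validate the unprefixed database user name in $this->dataRecord and,
     * if no error has been recorded so far, replace it with the prefixed,
     * length-capped name that is actually stored.
     *
     * Error messages are appended to $app->tform->errorMessage in this
     * order: empty name, prefixed name longer than 16 characters, prefixed
     * name on the blacklist. The blacklist is $conf['db_user'] (presumably
     * the control panel's own database account — defined outside this file)
     * plus the 'mysql' and 'root' accounts.
     *
     * @param string $dbuser_prefix prefix already resolved for this record
     */
    private function _checkDatabaseUser($dbuser_prefix) {
        global $app, $conf;

        $name = isset($this->dataRecord['database_user']) ? $this->dataRecord['database_user'] : '';
        $full_name = $dbuser_prefix . $name;

        if($name == '') {
            $app->tform->errorMessage .= $app->tform->wordbook['database_user_error_empty'] . '<br />';
        }

        // MySQL user names are limited to 16 characters (counted in bytes here,
        // matching the substr() crop below)
        if(strlen($full_name) > 16) {
            $app->tform->errorMessage .= str_replace('{user}', $full_name, $app->tform->wordbook['database_user_error_len']) . '<br />';
        }

        // strict comparison: a numeric-looking name must not match loosely
        $dbuser_blacklist = array($conf['db_user'], 'mysql', 'root');
        if(in_array($full_name, $dbuser_blacklist, true)) {
            $app->tform->errorMessage .= $app->lng('Database user not allowed.') . '<br />';
        }

        // Only a valid name is turned into its stored (prefixed, cropped) form
        if($app->tform->errorMessage == '') {
            $this->dataRecord['database_user'] = substr($full_name, 0, 16);
        }
    }

    /**
     * Derive the MongoDB password material "user:mongo:password" from the
     * submitted record. database_password is absent when the form did not
     * post it; it then contributes an empty string.
     *
     * @return string
     */
    private function _mongoPasswordMaterial() {
        $password = isset($this->dataRecord['database_password']) ? $this->dataRecord['database_password'] : '';
        return $this->dataRecord['database_user'] . ":mongo:" . $password;
    }

    /**
     * Before an existing record is updated: keep the prefix that was stored
     * at creation time, validate/crop the new name and refresh the derived
     * fields.
     */
    public function onBeforeUpdate() {
        global $app;

        $app->uses('getconf,tools_sites');
        $global_config = $app->getconf->get_global_config('sites');
        $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);

        // The prefix of an existing user must not change, so prefer the stored one
        $this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = ?", $this->id);
        $dbuser_prefix = $app->tools_sites->getPrefix($this->oldDataRecord['database_user_prefix'], $dbuser_prefix);
        $this->dataRecord['database_user_prefix'] = $dbuser_prefix;

        $this->_checkDatabaseUser($dbuser_prefix);

        // TODO (kept from the original): when only the user name changes the
        // form posts no database_password, and the one in oldDataRecord is
        // already encrypted, so the value computed here is wrong in that case.
        $this->dataRecord['database_password_mongo'] = $this->_mongoPasswordMaterial();

        $this->dataRecord['server_id'] = 0; // the record is needed on all servers

        parent::onBeforeUpdate();
    }

    /**
     * Before a new record is inserted: resolve the prefix, validate/crop the
     * name and set the derived fields.
     */
    public function onBeforeInsert() {
        global $app;

        $app->uses('getconf,tools_sites');
        $global_config = $app->getconf->get_global_config('sites');
        $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);
        $this->dataRecord['database_user_prefix'] = $dbuser_prefix;

        $this->_checkDatabaseUser($dbuser_prefix);

        $this->dataRecord['server_id'] = 0; // the record is needed on all servers
        $this->dataRecord['database_password_mongo'] = $this->_mongoPasswordMaterial();

        parent::onBeforeInsert();
    }

    /**
     * Move the record just written into the client group chosen in the form.
     *
     * Admins may pick any group. Resellers (users with sub-clients) may pick
     * only their own group or the group of one of their sub-clients — the
     * same set onShowEnd offers them; a posted groupid outside that set is
     * ignored, so the restriction holds server-side and not only in the
     * rendered select. Other users never get here with a client_group_id,
     * because onSubmit drops it.
     */
    private function _assignClientGroup() {
        global $app;

        if(!isset($this->dataRecord['client_group_id'])) return;

        $client_group_id = $app->functions->intval($this->dataRecord['client_group_id']);

        if($_SESSION['s']['user']['typ'] !== 'admin') {
            if(!$app->auth->has_clients($_SESSION['s']['user']['userid'])) return;

            // The reseller's client record, looked up via the session's default group
            $reseller_group_id = $app->functions->intval($_SESSION['s']['user']['default_group']);
            $reseller = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.groupid = ?", $reseller_group_id);
            if(!is_array($reseller)) return;

            // Accept the group only if it belongs to the reseller or to one of its sub-clients
            $allowed = $app->db->queryOneRecord("SELECT sys_group.groupid FROM sys_group, client WHERE sys_group.client_id = client.client_id AND (client.client_id = ? OR client.parent_client_id = ?) AND sys_group.groupid = ?", $reseller['client_id'], $reseller['client_id'], $client_group_id);
            if(!is_array($allowed)) return;
        }

        $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
    }

    /**
     * After insert: apply the chosen client group (see _assignClientGroup).
     */
    public function onAfterInsert() {
        $this->_assignClientGroup();
    }

    /**
     * After update: apply the chosen client group (see _assignClientGroup).
     */
    public function onAfterUpdate() {
        $this->_assignClientGroup();
    }

}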
241
// Instantiate the page controller and dispatch the request (show / submit)
$page = new page_action();
$page->onLoad();